The App is designed for iOS devices, specifically iPhone and iPad. It is available only to customers using Office 365 (latest release). It provides access to the primary user's mailbox and has a feature set similar to OWA (when used in a browser). It differs where appropriate: device camera/photo gallery & contacts integration, iOS notifications (for reminders), swipe behavior, voice controls, etc.
Mail, Calendar & People
The emphasis is on three main default folders & related common scenarios that are frequently used by OWA users. Those features are Search, Meeting scheduling, Availability, Shared Calendars, etc.
The App supports PIN/Passcode requirements (enforced by Tenant Admin as part of MobileDeviceMailboxPolicy), Information Rights Management (IRM), selective remote data wipe (only wipes the data inside the app & account settings, does not wipe the whole device), etc.
Office 365 users who have iPhone 4S or higher, iPad2 or higher with iOS 6 or higher can download & install this app from Apple App Store to connect to their mailbox in Office 365 (Exchange Online, latest release, after 'Service Upgrade', see 'Am I using Office 365 after the service upgrade?'). Connectivity via POP, IMAP or other protocols is not supported. Anyone still on the previous version of Office 365 also cannot use the app to connect to their mailbox. Customers using different versions of Exchange for On-Premises are also not supported at this time.
It is currently available from Apple App Store worldwide after release on 7/16/2013 (see blog posts 1 & 2).
It supports 33 languages that are supported by iOS for in-app dialogs (Apple KB article). After connecting to the mailbox in Office 365, App experience is driven by mailbox language setting in OWA (OWA : Options : Settings : Regional) & for that Exchange supports 60 languages (see TechNet articles 1 & 2). Currently, in version 1.0 of this App, if a user sets the iOS language to Dutch, the in-app dialogs are displayed in English, but experience after mailbox connectivity is still driven by mailbox language, i.e. Dutch. This issue is tentatively planned to be fixed in the next update.
How it Works?
It will be helpful for everyone interested in functional details of the app to take a look at the Technical Architecture Keynote Presentation for Exchange 2013 @ MEC by Ross Smith IV. The recording is available at http://www.iammec.com/video. Check out the part where he explains the CAS 2013 Client Protocol Architecture (figure pasted below for reference).
The application connection mechanism is similar to OWA in a browser but with slight differences worth noting.
1. Over an HTTPS connection, App sends an AutoDiscover query to find the server settings
2. CAS proxies the AutoDiscover request to Mailbox server to retrieve AutoDiscover settings
3. After a successful AutoDiscover, the App receives a 302 redirect to the OWA virtual directory
4. CAS then proxies the request to the OWA virtual directory on the Mailbox server
5. When the request reaches OWA component on Mailbox server, EWS commands are issued to the Store by using the EWS API, that is loaded in the OWA Application Pool
Finally, the app gets connected to your mailbox!
After fresh installation when you first launch the app, it walks you thru a tutorial which provides instructions on how to use the basic features provided by the app.
Exchange Account Configuration
(A) Successful Connection (Autodiscover is working)
Below is a screenshot based walkthrough of the successful account configuration process which utilizes autodiscover (like Outlook does running on a desktop machine) to locate mailbox settings after connecting to the server. User just has to provide his credentials (full e-mail address and password) for this process to start and Tenant Admin needs to make sure Autodiscover related DNS records have been published for this process to be successful (refer to articles 1 & 2, see 'Method 2'). The app will prompt the user to set a PIN based passcode, if Tenant Admin has set that requirement for his organization. By default, PIN/passcode requirement is not enabled in Office 365. Once user does that, the app gets connected to his/her mailbox and starts downloading mail from primary folders (Inbox, Calendar, Contacts/People, etc.) to set it up for offline usage later when needed. After that app will be ready to use.
(B) Unsuccessful Connection (Autodiscover is not working)
If Tenant Admin has not published required autodiscover related DNS records then the app may fail to configure the account automatically and will display the following error message.
(C) Advanced Settings (in absence of Autodiscover)
In that case, user may try again after ensuring his Tenant Admin has published required DNS records for autodiscover process to succeed or he can click on the 'Advanced' button to provide more parameters to help app in locating & connecting to his mailbox in Office 365. Under the 'Advanced Settings' wizard, it's recommended to provide these settings:
1. Full e-mail address
3. Enter your full e-mail address again in the 'User name' field
4. You can leave the 'Domain' field blank (as your mailbox is in Office 365)
5. Enter 'outlook.office365.com' in the 'Server' field
6. Check the box for 'Server requires encrypted (SSL) connection'
7. Then tap on Sign in to continue ...
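Before falling back to the Advanced settings, a Tenant Admin can confirm whether the Autodiscover record is actually published. The following is an added example, not part of the original post: the function name Test-AutodiscoverDns and the sample addresses are made up for illustration, and the expected CNAME target autodiscover.outlook.com comes from Office 365 DNS guidance rather than from this page.

```powershell
# Added example: check the Autodiscover CNAME for the domain part of an
# e-mail address. Requires Resolve-DnsName (Windows 8 / Server 2012 or later).
function Test-AutodiscoverDns {
    param(
        [Parameter(Mandatory)]
        [string]$EmailAddress
    )

    # Assumption: Office 365 expects autodiscover.<domain> to be a CNAME
    # pointing at this host.
    $expectedTarget = 'autodiscover.outlook.com'

    $domain = ($EmailAddress -split '@')[-1].Trim().ToLower()
    $record = "autodiscover.$domain"

    # -DnsOnly skips LLMNR/NetBIOS fallbacks that could mask a missing record.
    $answers = @(Resolve-DnsName -Name $record -Type CNAME -DnsOnly -ErrorAction SilentlyContinue |
        Where-Object { $_.Type -eq 'CNAME' })

    $target = $null
    if ($answers.Count -gt 0) {
        $target = $answers[0].NameHost.TrimEnd('.').ToLower()
    }

    # Missing          -> the app cannot configure the account automatically
    # UnexpectedTarget -> the record exists but does not point at Office 365;
    #                     review it before users enter credentials in the app
    $status = if (-not $target) {
        'Missing'
    } elseif ($target -eq $expectedTarget) {
        'OK'
    } else {
        'UnexpectedTarget'
    }

    [pscustomobject]@{
        Domain = $domain
        Record = $record
        Target = $target
        Status = $status
    }
}

# Constructed sample addresses; replace with addresses from your own tenant.
'dan@contoso.com', 'kim@fabrikam.com' |
    ForEach-Object { Test-AutodiscoverDns -EmailAddress $_ } |
    Format-Table -AutoSize
```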
(D) Server Version Requirement
In cases where user's mailbox may be on older version of Office 365, app will display the following compatibility error message.
(E) Temporary Connectivity Issues
In cases where user's device is having intermittent connectivity issues with the server, the app will display the following error message.
After successful connection with server, the app checks primary folders (Inbox, Calendar, etc.) for new items. It downloads 3 days' worth of messages/items and stores them locally on the device for offline access; the rest of the items are fetched from the server on access (when user taps on that item). The app also maintains a user action queue, where it keeps track of the actions the user takes on existing items that result in changes (flag, delete, move, etc.), and syncs them back to the server periodically.
The app uses Apple Push Notification Service (APNS) for new mail notifications. A registration is required on the device after the first successful connection with the server. It happens after first launch & attempt to sync with server (after successful account configuration). The app uses numeric badge icon for new mail while meeting reminders show up as alerts and banners with sound.
S/MIME, IRM & Data Encryption
S/MIME is not supported. The app provides the same feature set as OWA in a browser. User can read digitally signed mail but cannot verify signatures, cannot read encrypted mail and cannot create/send digitally signed or encrypted mail. As per Apple (KB article), app data is encrypted if ‘Passcode Lock’ is active on supported iOS devices. The app supports the Office 365 Information Rights Management (IRM) feature after Tenant Admin enables it as per the instructions provided by Office 365. See articles 1 & 2 for more info on enabling the IRM feature in Office 365.
Password Expiration Scenario
When user's Office 365 password expires, the app displays the following warning message. User can change his password by clicking on 'Change your password' link in the message. User will be taken to Office 365 website in a browser to do that. Once user changes his password, he can come back to the app and enter the new password to continue working with the app. Some other related scenarios are noted below.
1. If password has already expired, and user tries to configure account in the app, he will see an error. User will then need to reset password using a browser.
2. When user updates his password via a browser (outside of the app or not as a result of warning by the app), due to password/authentication token caching mechanism, it may take some time for the app to prompt the user to enter that new password. At that time, you may try to close & restart the app to trigger it.
3. New Office 365 users who have been assigned a temporary password by their Tenant Admins, should always use the browser first to update their password to a permanent one & then configure their account in the app.
Users can access their primary & archive mailboxes using the app. The app does not support access to other user’s mailboxes if/when shared with the app user. Users can’t create new folders using the app. Inbox Rules are also not available for configuration. User can swipe on a message in either direction to view more message related options like delete, flag, move, etc. The swipe operation can be performed on multiple messages at the same time and then user can choose to take a single action on all selected messages. Drafts folder is synched among Outlook, OWA (in a browser) & the app so all content can be accessed using any of these clients at any time.
Some common limitations between OWA in a browser and the app are:
1. Notes folder is accessible thru the app so that user can read existing notes created via Outlook but user cannot create any new items using the app in Notes folder.
2. RSS Feeds folder will work in the app to display content from any of the RSS Feeds that were added by the user using Outlook but new RSS feeds cannot be added to the folder using the app.
3. Journal & Search Folders are not accessible via the app.
User can access other user's shared calendars in the app. Shared calendars of other users can be opened in the app by clicking on the invite in user's Inbox that was sent by other user. Shared calendars are displayed in a side by side layout with primary calendar (app user's own calendar). User can open multiple shared calendars of other users; a maximum of five calendars can be opened including user's own primary calendar.
People section in the app provides same feature-set as OWA in a browser. User can search Global Address List (GAL) while connected to server. The app also displays photos for other users' contacts in GAL. Auto-complete name cache feature is available when composing new mails, but it is not shared among Outlook, OWA (in a browser) & the app. Offline GAL displayed in the app does not work in Offline mode (when the app is not connected to server, in the absence of Internet connectivity); this is the same limitation as in OWA in a browser.
There are some settings available via Options in the app as compared to the Options available via OWA in a browser. They are Out of Office/Facility (OOF) message, time zone, e-mail signature, passcode (personal) & contact sync between user's primary Contacts folder in his mailbox and the Contacts app in iOS. Contact sync option is very useful on iPhone as when user receives an incoming call from a contact in his mailbox contacts folder, but not in his iOS contacts folder, the Caller ID info is displayed from his mailbox contacts folder.
iOS Settings for OWA App
App settings available via iOS Settings are:
1. Reset Application: This option can be used to reset the app. It's recommended to first close the app, then set the reset flag to ON. When user next launches the app, the app is reset by purging any mail account info and data it previously stored locally on the device.
2. App & Server versions: This info is helpful when troubleshooting any app related issues.
3. Advanced: Over here server settings are stored for mail account that is configured in the app. User can also turn on Diagnostic to enable logging for troubleshooting purposes.
4. Notifications: User can configure notifications related options for OWA app in that section. The options are related to new mail badge app icon and meeting reminders.
Mail apps for OWA
The app supports use of other custom developed OWA apps like Bing Maps, etc. which one can use in Outlook and OWA in a browser.
The app also supports responding to messages which have voting buttons. Using the app users cannot create new messages with voting buttons.
Integration with iOS Photos & Camera Apps
User can attach pictures from Photos app (Gallery) in iOS or take a new picture on the fly (using Camera app) to attach to outgoing messages. User can attach one picture at a time; attaching multiple pictures in one attempt is not supported.
Attachment File Types
The app supports common file types like Office docs, PDF, images (JPEG, GIF, PNG, BMP, etc.) to be sent and received as attachments to mail messages. It uses built-in rendering engines to render these attachments. Using the app user cannot edit these attachments.
With a press and hold action on the modular blue icon at the bottom left corner of the app (looks like a 'frog'), user will be prompted to enter some common voice based commands or tasks, like Open calendar for tomorrow, Find Alex, New e-mail to Jane Smith, etc. This feature currently supports only English (AU, CA, GB, IN & US) language.
Support for 'Send As' & 'Send on Behalf'
If the app user has 'Send As' or 'Send on Behalf' rights assigned by other user, then user can send messages as or on behalf of that other user. The 'Send As' & 'Send on Behalf' rights can be assigned by your Tenant Administrator using Exchange Admin Center (EAC) in Microsoft Online Portal (MOP), see this article for instructions. The related 'mailbox delegation' settings appear like this in EAC.
Now, let's assume a user Kim Akers has assigned 'Send on Behalf' rights to another user Dan Park, who is using OWA App on his iPad. The above 'mailbox delegation' settings will appear like this:
Now, Dan Park can send messages on behalf of Kim Akers using OWA App on his iPad. Here are the steps one will need to follow in this scenario:
1. Create a new message
2. Click on the ... icon on top right hand corner to have a list of available options displayed
3. Tap on 'show from' to have the 'From' field displayed in the new e-mail message
4. Tap and hold on 'From' field to have a menu displayed with 'edit, remove, details' options
5. Tap on 'remove' to delete your own e-mail address
6. Type in the user name (or his/her e-mail address) who has assigned you appropriate rights, i.e. 'Send As' or 'Send on Behalf' rights
7. Now compose the message as usual and send it to recipients. They will see that the message has come directly from you (if you had 'Send As' rights assigned to you) or message header will say something like 'Dan Park on behalf of Kim Akers' (if you had 'Send on Behalf' rights assigned to you).
The Offline support is similar to Offline support for OWA in a browser. It provides some basic features, primarily the ability to triage your e-mails, create new items in Calendar or Contacts folders, which will sync to your mailbox on server when the app connects again. It is not designed to be a replacement for 'Cached mode' in Outlook.
Contextual help is also available in the app, help topics launch in browser when user taps on help. There is a known rendering issue with help page rendering in browser on iOS (i.e. entire page contents do not render). User can change the device orientation to immediately resolve this issue.
The supported policies for the app are a subset of Exchange ActiveSync (EAS) policies (mentioned below); extended EAS policies are not supported by the app. Supported policies mainly deal with the password or PIN code requirements on the device. They are available to Tenant Admins in Office 365 via the Graphical User Interface or PowerShell and they are all disabled by default. Tenant Admins can enable these policies based on the requirements of their organizations. Device access rules (as part of EAS policies) do not apply on devices that are running OWA app. Segmentation feature is supported via OWA mailbox policies. Only some of those OWA policies are supported by the app (marked in green); the others (marked in red) are not.
Here is an example of how the main module of the OWA app looks when the Calendar and People/Contacts folders are disabled for the app user.
In order to get a list of device properties which will display the use of OWA app and related parameters, Tenant Admins can use these cmdlets in PowerShell.
Get-MobileDevice -Mailbox <user>, where user could be 'dan'
Keep in mind that the existing cmdlet "Get-ActiveSyncMailboxPolicy" will soon be replaced by the new cmdlet "Get-MobileDeviceMailboxPolicy" in Office 365. You can use this cmdlet to get a list of policies in the default policy applied to all users.
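Because the PIN/passcode policies are disabled by default, it is worth checking which policies actually require a PIN and how many mailboxes each one covers. The following is an added example, not part of the original post: it assumes an already connected Exchange Online PowerShell session, the minimum length of 6 is an illustrative value, and which of these settings the OWA app honors is not listed in the surviving text of this page.

```powershell
# Added example: report PIN/password settings per mobile device mailbox policy.
$MinPinLength = 6   # illustrative value, choose your organization's own

$policies = Get-MobileDeviceMailboxPolicy |
    Select-Object Name, IsDefault, PasswordEnabled, MinPasswordLength,
                  AllowSimplePassword, MaxInactivityTimeLock,
                  MaxPasswordFailedAttempts

$policies | Format-Table -AutoSize

# How many mailboxes does each policy apply to? The policy assignment is
# exposed on the CAS mailbox object as ActiveSyncMailboxPolicy.
Get-CASMailbox -ResultSize Unlimited |
    Group-Object -Property ActiveSyncMailboxPolicy |
    Select-Object @{ Name = 'Policy';    Expression = { $_.Name } },
                  @{ Name = 'Mailboxes'; Expression = { $_.Count } } |
    Format-Table -AutoSize

# Policies that do not require a PIN at all.
$noPin = @($policies | Where-Object { -not $_.PasswordEnabled })

if ($noPin.Count -eq 0) {
    Write-Output 'Every policy requires a PIN/password.'
} else {
    foreach ($p in $noPin) {
        Write-Warning "Policy '$($p.Name)' does not require a PIN (IsDefault: $($p.IsDefault))."

        # -WhatIf only previews the change. Remove it to apply.
        Set-MobileDeviceMailboxPolicy -Identity $p.Name `
            -PasswordEnabled $true `
            -MinPasswordLength $MinPinLength `
            -WhatIf
    }
}
```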
A Tenant Admin can also go to Exchange Admin Center (EAC) after logging into Microsoft Online Portal (MOP) and then Recipients : Mailboxes : double click on a user object here, like Dan Park, to view mailbox properties. In the 'Mobile Devices' section, Admin can view the details of all mobile devices in use by that user. Both types of devices are displayed there, the ones using EAS and the ones using the OWA app. Over there Admin can perform available management tasks like wipe a device, etc.
(A) Tenant Admin Experience
The screenshots below document the experience when a Tenant Admin wipes a user device remotely thru EAC.
1. A warning is displayed for confirmation as soon as Tenant Admin chooses to wipe a user's device (keep in mind that only data stored inside the app is wiped, not the whole device)
2. The device is then listed in the EAC in 'Wipe Pending' state
3. When user launches the app, a warning is displayed by the app to inform him of the remote wipe initiated by Admin on the server side and all mailbox data is immediately wiped from the app storage
4. The device status is then updated in the EAC saying 'Remote Device Wipe Successful' to inform the Admin
(B) User Experience
Similarly a remote wipe (keep in mind that only data stored inside the app is wiped, not the whole device) can also be initiated by the user himself by logging into OWA in a browser and going to Options : Phone
Disable ‘OWA for Devices’ App
Office 365 Tenant Admins can use the following cmdlets to disable ‘OWA for Devices’ app in their organization.
To disable the use of app for all users:
Get-CASMailbox -ResultSize Unlimited | Set-CASMailbox -OWAforDevicesEnabled $false
To disable the use of app on a per user basis:
Set-CASMailbox -Identity Alias -OWAforDevicesEnabled $False
Same task can be performed via EAC when viewing a user's mailbox properties as we mentioned earlier.
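Between disabling the app for everyone and disabling it user by user, an admin usually wants to see who is using it first. The following is an added example, not part of the original post: it assumes an already connected Exchange Online PowerShell session, and $ApprovedUsers is a constructed sample list of people allowed to keep the app.

```powershell
# Added example: inventory OWA for Devices usage, then preview disabling the
# app for everyone who is not on an approved list.
$ApprovedUsers = @('dan@contoso.com', 'kim@contoso.com')   # constructed sample values

# 1. Every mailbox where the app is still allowed.
#    -ResultSize Unlimited avoids the default 1000-object limit.
$enabled = Get-CASMailbox -ResultSize Unlimited |
    Where-Object { $_.OWAforDevicesEnabled }

# 2. For each of them, list the device partnerships created by the OWA app
#    (the -OWAforDevices switch filters out plain EAS devices).
$report = foreach ($mbx in $enabled) {
    $address = [string]$mbx.PrimarySmtpAddress
    $devices = @(Get-MobileDevice -Mailbox $address -OWAforDevices)

    [pscustomobject]@{
        Mailbox     = $address
        Approved    = $ApprovedUsers -contains $address
        DeviceCount = $devices.Count
        Devices     = ($devices | ForEach-Object { "$($_.DeviceModel) / $($_.DeviceOS)" }) -join '; '
    }
}

$report | Sort-Object Approved, Mailbox | Format-Table -AutoSize

# 3. Preview the change for mailboxes that are not approved.
#    -WhatIf makes no changes. Remove it to apply.
$report |
    Where-Object { -not $_.Approved } |
    ForEach-Object {
        Set-CASMailbox -Identity $_.Mailbox -OWAforDevicesEnabled $false -WhatIf
    }
```

Disabling the app only blocks further use; data already cached on a device stays there until the device is wiped as described above.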
When OWA app use is disabled for users in an organization, they will see this error (right after the screen asking for their PIN, in case PIN requirement was enabled by Tenant Admin)
Some possible troubleshooting options are:
OWA in Browser
Use OWA in a browser to compare the behavior you see in the OWA app. If it does not work in OWA in a browser, it most probably will not work in the app either.
You can also test with this special URL https://outlook.office365.com/owa?layout=twide in a browser to see if the experience is different.
Close and Reset App
You can close the app by quick double tap on device’s 'Home' button. After you do that the launch bar at the bottom of the screen will have icons of running apps. Tap and hold on OWA app icon, a red minus sign will appear, click on it to close the app.
You can reset the app by going to iOS Settings : OWA : Reset Application : turn it ON
After resetting the app, when you launch it again, it will behave as a newly installed app. You can then reconfigure the mail account and see if the issue is still there.
Common Troubleshooting Options
First of all, make sure you go thru the troubleshooting suggestions Apple has documented in this article for apps purchased from the App Store:
iOS: Troubleshooting applications purchased from the App Store
Please note down your observations (we will need those from you) to the six different suggestions that are documented in the article, i.e. what did you see as end result after you tried that suggestion. Did it help, did it change the issue's behavior in any way? It will be helpful to start with these basic checks before we go towards more advanced troubleshooting options.
After noting down your observations on the above mentioned six different suggestions in the Apple's article, if the issue is still unresolved, we will need you to provide us logs from the OWA app to help further investigate the issue. It would be great if you can provide logs from multiple devices where you see the issue. It will help in correlating the events in those logs if the issue is identical in nature on all those devices.
Turn on the Diagnostics in the iOS Settings for the app, as mentioned above (See 'iOS Settings for OWA App', bullet #3 'Advanced'). It will enable logging by the app. The log files are stored on the device and can be retrieved by following the procedure documented below.
1. Connect your iOS device to iTunes application installed on your computer
2. After the successful connection, select your device in iTunes (on top status bar, it may appear on right hand side on that bar or under "Devices" in the left pane of iTunes, if it's an older version of iTunes)
3. Now go to "Apps" tab in the device view
4. At the bottom of the page, you will find a "File Sharing" section with a list of "Apps" installed on your device
5. Select "OWA" in that list and on right hand side, under the "Documents" section, you will see a few log files (1 or more files, named as "mowa.log"), select them and click on "Save to" button at the bottom of that section to save those to your computer
6. We need those files for further investigation
1. In the first version of the app released on 7/16/2013, only after you configure your Office 365 account for the first time, if your Tenant Admin has set a PIN requirement policy, the app may require you to enter the PIN twice before you can use the app. It does not happen afterwards.
2. If you make any changes to your 'Favorites' using Outlook or OWA in a browser, those changes may sync after a considerable delay or may not sync at all. A quick way to address this issue is to close the app, then reset it and go thru the account configuration wizard again.
3. You may notice that the meeting reminder notification will display ‘now’, when the meeting actually starts 15 minutes later.
4. After you launch the app, if it gets stuck at the 'Starting OWA' screen and you never get to the account configuration screen where you may enter your credentials, then go to iOS Settings : General : Date & Time, over here if the "24-Hour Time" format is OFF, then turn it ON and see if you still experience the issue. Only some users have complained about this issue on iPhone 5, iPad 3 & iPad Mini and the 'Date & Time' format workaround mentioned here worked to resolve the issue for them.
5. The OWA app is available only for specific version of iPhone and iPad (see 'Requirements' section above for more details). If someone tries to install it on an iPod Touch device, he may see a seemingly unrelated error saying "This app requires a digital compass". This error comes up as you cannot use it on an iPod Touch.
Is the remote wipe only supposed to wipe the data for this app or is it supposed to wipe the entire device?
Does anyone have specifics on how the data "at rest" is secured when offline usage is enabled with the local storage that uses SQLite? I can't seem to find anything but transport security information.
Why is there always the assumption that the full email address and the userID/UPN are the same? I know it's a recommendation but incredibly difficult to retro-fit into an ADFS enabled organization. Autodiscover is always a nightmare because of this.
On the iPhone, does a shared calendar show up the same as it does on the iPad? I have a user who can't find the second calendar on the phone.
Why no on screen "notifications" for new email messages? At least that's what I'm experiencing. I get on-screen reminders of meetings and get a "vibrate" when a new email message is received on my iPhone by OWA -- but no on-screen alert or banner for new email messages. From your description above of "push" notifications I may be experiencing it as you've designed.
pfp: Remote wipe will ONLY wipe the data for this app (OWA for iPhone/iPad). After the remote wipe, the app will reset and go back to the original state & it would be like you have just installed it from the App store. You will then have to configure it again to connect to a mailbox. The mailbox data stored inside the app and mail account settings are wiped. Remote wipe feature does NOT wipe the whole device and/or set it back to default ('out of the box') settings. HTH.
Is it possible to add more than 1 e-mail account on this app?
Anyone able to help? We have iPads and are using the OWA app and can get to OWA via the browser. Even using the browser there isn't an Options section like shown in the image above. So our iPad users cannot change their e-mail password before it expires or after it expires. Unlike the images above, our iPad users do not get a notification saying their password is about to or has expired. We obviously want people to be able to change their passwords. Any input?
Nicholas Dambrosio: OWA App uses the infrastructure provided by iOS to keep the locally cached or stored data secured and away from illegal access. Please refer to this document [iOS Security: www.apple.com/.../iOS_Security_Oct12.pdf] published by Apple to understand that better. I can further highlight the authentication process to better understand how the credentials of a user are stored and utilized by the app. The authentication for the app relies on OWA ‘Forms Based Authentication’. Due to session expiration (as a result of long inactivity, etc.), the user credentials should be available to be used by the app at appropriate times, thus they are stored locally on the device (otherwise app will have to repeatedly prompt user to enter credentials). The credentials are stored on the device but in the native code (‘App Sandbox’) and are not exposed to attacks that can affect browser technology. When a Password/PIN is enforced by Exchange Online (in Office 365), that provides a high level security layer and further iOS isolates & encrypts app data at iOS level (as discussed in the Apple document linked above and this Apple article: iOS: Understanding data protection at support.apple.com/.../HT4175). HTH.
Newcastle: In Office 365 environment, that's a safe assumption for most small to medium sized customers, but I agree it could differ for larger enterprise customers and thus you're free to enter what's true in your case. Generally, using the default SMTP address is the best way to go when configuring an Exchange account in a client application.
CoreSystemsGroup: It works the same way as far as the configuration and opening of Shared Calendars go but display is a bit different on an iPhone, as the screen is smaller and app does not offer weekly views, the appointments and meetings for different users (including primary user) are displayed with colored labels (just as you see above) on the day view. I've added a couple of screenshots from an iPhone to show this above under 'Calendar' section.
AlanCSmith-ONA: Yes, that is 'by design'. The app does not offer 'banner' or 'alert' notification for new mail. Thanks for your feedback.
Kleberdna: No, there is no way to add more than 1 account in the app.
Mary L: "Options" are there in the same place in OWA (when you log in via a browser on iOS devices) where you see them in the OWA App installed on the same iOS devices. Specifically, log into OWA, on the main screen when you are looking at your Inbox, click on the ... (three dots) on the right hand bottom corner, a short menu will pop up and Options is listed as second choice there. OWA (in a browser) does not provide a notification in advance if your password is about to expire, let's say, after 10 days, neither does the OWA App. But in case if your password has expired and you try to log into OWA using a browser, then you will automatically be taken to "Change/Update Password" page served by Office 365, where you can change or update your password and then log back into OWA using the same browser. With this feature in place, your users will never be locked out of OWA if their passwords expire at any time. Also keep in mind that, "Options" page on an iOS device does not provide any way to change your existing/expiring passwords anyway. In the end, I would highly recommend your iOS device users to install and start using this OWA App as it provides many features (calendar sharing, password expiration notification, etc.) that are not available in the native mail app.